Main Vulnerability Database SB2015051508

SB2015051508 - Permissions, Privileges, and Access Controls in xen (Alpine package)

Published: May 15, 2015

Security Bulletin ID SB2015051508

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2015-2151)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

The x86 emulator in Xen 3.2.x through 4.5.x does not properly ignore segment overrides for instructions with register operands, which allows local guest users to obtain sensitive information, cause a denial of service (memory corruption), or possibly execute arbitrary code via unspecified vectors.

Remediation

Install update from vendor's website.

References

https://git.alpinelinux.org/aports/commit/?id=850840a2934c957dceba8fddf438d070edce71a4
https://git.alpinelinux.org/aports/commit/?id=a824d445bbe2abb22ca2362898b7e72054639120